ICU
critical

@browserbasehq/mcp-server-browserbase

v2.4.3

MCP server for AI web browser automation using Browserbase and Stagehand

npm | kylejeong | First seen Feb 22, 2026

Total: 50
Critical: 12
High: 29
Medium: 9

Findings

unknown
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    15:     const modelApiKey = config.modelApiKey ||
    16:         process.env.GEMINI_API_KEY ||
>>> 17:         process.env.GOOGLE_API_KEY;
    18:     const stagehand = new Stagehand({
    19:         env: "BROWSERBASE",
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    14:     const modelName = params.modelName || config.modelName || "gemini-2.0-flash";
    15:     const modelApiKey = config.modelApiKey ||
>>> 16:         process.env.GEMINI_API_KEY ||
    17:         process.env.GOOGLE_API_KEY;
    18:     const stagehand = new Stagehand({
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    44:     return {
    45:         browserbaseApiKey: process.env.BROWSERBASE_API_KEY ?? "",
>>> 46:         browserbaseProjectId: process.env.BROWSERBASE_PROJECT_ID ?? "",
    47:         server: {
    48:             port: cliOptions.port,
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    10:         const hasModelApiKey = config.modelApiKey ||
    11:             process.env.GEMINI_API_KEY ||
>>> 12:             process.env.GOOGLE_API_KEY;
    13:         if (modelName.includes("gemini") && !hasModelApiKey) {
    14:             console.error(`Need to set GEMINI_API_KEY or GOOGLE_API_KEY in your environment variables`);
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    9:         const modelName = config.modelName || "gemini-2.0-flash";
    10:         const hasModelApiKey = config.modelApiKey ||
>>> 11:             process.env.GEMINI_API_KEY ||
    12:             process.env.GOOGLE_API_KEY;
    13:         if (modelName.includes("gemini") && !hasModelApiKey) {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    29:                     apiKey: process.env.GEMINI_API_KEY ||
    30:                         process.env.GOOGLE_API_KEY ||
>>> 31:                         process.env.GOOGLE_GENERATIVE_AI_API_KEY,
    32:                 },
    33:             });
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    28:                     modelName: "google/gemini-2.5-computer-use-preview-10-2025",
    29:                     apiKey: process.env.GEMINI_API_KEY ||
>>> 30:                         process.env.GOOGLE_API_KEY ||
    31:                         process.env.GOOGLE_GENERATIVE_AI_API_KEY,
    32:                 },
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    27:                 model: {
    28:                     modelName: "google/gemini-2.5-computer-use-preview-10-2025",
>>> 29:                     apiKey: process.env.GEMINI_API_KEY ||
    30:                         process.env.GOOGLE_API_KEY ||
    31:                         process.env.GOOGLE_GENERATIVE_AI_API_KEY,
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    43: export async function configFromCLIOptions(cliOptions) {
    44:     return {
>>> 45:         browserbaseApiKey: process.env.BROWSERBASE_API_KEY ?? "",
    46:         browserbaseProjectId: process.env.BROWSERBASE_PROJECT_ID ?? "",
    47:         server: {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    22:     if (!mergedConfig.modelApiKey) {
    23:         mergedConfig.modelApiKey =
>>> 24:             process.env.GEMINI_API_KEY || process.env.GOOGLE_API_KEY;
    25:     }
    26:     // --------------------------------
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    2: const defaultConfig = {
    3:     browserbaseApiKey: process.env.BROWSERBASE_API_KEY ?? "",
>>> 4:     browserbaseProjectId: process.env.BROWSERBASE_PROJECT_ID ?? "",
    5:     proxies: false,
    6:     server: {
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    1: // Default Configuration Values
    2: const defaultConfig = {
>>> 3:     browserbaseApiKey: process.env.BROWSERBASE_API_KEY ?? "",
    4:     browserbaseProjectId: process.env.BROWSERBASE_PROJECT_ID ?? "",
    5:     proxies: false,
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: u穖)��g)�)쵩e

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: {"command":"npx @browserbasehq/mcp","env":{"BROWSERBASE_API_KEY":"","BROWSERBASE_PROJECT_ID":"","GEM

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: r��}歺������'�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: r��}歺����^j[a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: ��^��'��m��-��%

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: n�0���jǏ���r�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: r�ߊk�`� �m���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: n�0���jǏ���r�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: r�ߊk�`� �m���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: n�0���jǏ���r�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: n�0���jǏ���r�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: n�0���jǒz�"�r

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: n�0���jǒz�"�r

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: n�0���jǒz�"�r

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: z{.���}���'��*'"{^�v�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: n�0���jǏ���r�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: n�0���jǒz�"�r

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: n�0���jǒz�"�r

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: n�0���jǒz�"�r

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: n�0���jǒz�"�r

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: n�0���jǒz�"�r

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: n�0���jǒz�"�r

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: n�0���jǒz�"�r

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: z{.���}���'��*'"{^�v�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: z{.���}���'��*'"{^�v�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: z{.���}���'��*'"{^�v�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: n�0���jǏ���r�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

medium | OB-001 | Obfuscation | Medium Confidence | Line 0

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    46: 
    47: ```text
>>> 48: cursor://anysphere.cursor-deeplink/mcp/install?name=browserbase&config=eyJjb21tYW5kIjoibnB4IEBicm93c2VyYmFzZWhxL21jcCIsImVudiI6eyJCUk9XU0VSQkFTRV9BUElfS0VZIjoiIiwiQlJPV1NFUkJBU0VfUFJPSkVDVF9JRCI6IiIsIkdFTUlOSV9BUElfS0VZIjoiIn19
    49: ```
    50: 
medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (5.3 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.


Scan History

Date | Risk | Findings
Feb 25, 2026 | critical | 50
Feb 23, 2026 | critical | 50
Feb 22, 2026 | critical | 50